26 comments

[ 6.0 ms ] story [ 77.4 ms ] thread
Glad this one didn’t open with a song parody.
The main question is why use Telnet when ssh is available. Some people mentioned routers, maybe that is why. But I would think in this day and age routers would now use ssh.

I do remember reading a long time ago telnet does/can support encryption. But when I looked at the systems I have access to, the manuals have no mention of that.

It is surprisingly common to find routers with " export firmware " installed out of the box, that do not have ssh support to avoid the interactions with US Cryptographic export licencing complications
Well, that certainly explains why no one in the US telnet BBS community seemed to be discussing having connectivity problems.
Do you have to restart your computer to exit telnet?:)
I think scoffing at plaintext protocols is silly. Contemporary security architecture is a nightmare. It’s like scoffing at keyboards for sending key codes in the open to the HID controller because you’ve failed to secure your machine so badly you have adversaries in your HID controller.

If you have a well secured LAN where trust is social SSH gets you nothing. SMTP telnet http being plain were from days when users were able to actually reason about what was happening within their OS. If there’s anything that should be scoffed at its us now with our bloated opaque corporate controlled OSes.

> However, in the context of data from Terrace and others we believe a more likely factor is the vantage point itself. Internet scanning often consists of large campaigns coordinated by specific actors,

How does one do a measurement of traffic like this? You would have to own the nodes in the packet route to be able to see traffic, but TerraceNetworks or GreyNoise don't seem to be companies that do that. How do they get the data to analyze?

I first used telnet in the 1990s to connect and play a text-based MUD.

Back then we had large monitors with black background and green text font; for most people black background and white text was probably more common, but I remember having played that MUD for some weeks on such a setup (on a campus site, so these computers were used by students; we only had access to the campus on the weekend as the main guy's father in our group worked at that university).

It actually was fun to use telnet like that and play the MUD, even if inconvenient. Of course our group soon switched to MUD clients that were more convenient to use, so using telnet became super-rare. I only used telnet a few more times after that. About three times again playing lateron when I had no internet connection, and for a few other things too, unrelated to MUDs, e. g. testing websites and similar activities.

For connections, I kind of use ssh much more frequently so, even on windows via the tabby terminal. It is not as convenient on Linux (there I tend to prefer KDE konsole) but it works fairly well.

I have not used telnet in quite some years now, but I still remember fondly to having typed commands to search for herbs in a meadow on that MUD (well, room designated was meadows and you could find herbs which would replenish over time, so you could search, sell and so forth; I have not played any MUDs since decades but it was fun in the 1990s era).

Telnet will probably never die since it is so simple, but I think it is also not quite as important as it was, say, in the 1990s or so. Would be interesting for statistics that could measure this more objectively.

I [ab]use telnet regularly as a debugging tool than its intended purpose. Pretty handy tool to check TCP connectivity.
Yeah it's an easy way to check if a port is responding, and you can actually drive some protocols using telnet.

Eg: `telnet some.http.addr 80` and then type in `GET /index.html HTTP/1.0` and hit enter twice.

You can use it to test SMTP servers too.

Wrong tool for the job. Netcat gives you raw TCP as stdin/stdout without injecting or interpreting control codes.
I use it strictly on older systems that only use telnet and for casual port checking on some equipment. Last time I had to check if AIS equipment is working properly. Some people think "servers" are the only thing in this world. Telnet is one of those things that probably keeps this world function properly.
(comment deleted)
Telnet scanning is definitely down overall from what I can tell, but only by half of what it was in past months. It spiked a bunch around the time of the telnetd cve, but that's to be expected.
Unfortunately towel.blinkenlights.nl is permanently dead
Frankly I'm a little sceptical about the claim that large ISPs are blocking telnet on their core routers. Core routers need to forward traffic, not inspect it. I don't see why a large ISP should burden its core infrastructure with something so trivial as telnet-specific traffic.
Half the time when people say they're using telnet (including in this thread) they're really just using the client as a TCP client, not doing anything with the Telnet protocol.

No one is stopping you from using the telnet client. And really you should just use netcat

There's one thing I haven't figured out with netcat- how do you know it connected? (I just looked it up, after many years: the -v flag. Which makes sense because netcat is supposed to be "transparent").
telnet is very popular tool to check the port firewall
In my opinion just like IPv4, telnet and ftp will be around long after all of us. Teach your grand-kids all the escape sequences, variables and terminal types. This will be required for their Pip-Boy to connect to mainframes and terminals when keys are missing.